VYPR

Apex One

by Trend Micro

CVEs (171)

  • CVE-2025-71211CriMay 21, 2026
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note:…

  • CVE-2025-71210CriMay 21, 2026
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via…

  • CVE-2026-34926MedKEVMay 21, 2026
    risk 0.56cvss 6.7epss 0.13

    A directory traversal vulnerability in the Apex One (on-premise) server could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations. This vulnerability is only exploitable on the…

  • CVE-2026-45208HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2026-45207HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different process protection communication mechanism. Please note: an attacker must…

  • CVE-2026-45206HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different process protection communication mechanism. Please note: an attacker must…

  • CVE-2026-34930HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the…

  • CVE-2026-34929HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first…

  • CVE-2026-34928HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain…

  • CVE-2026-34927HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2025-71217HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on…

  • CVE-2025-71216HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2025-71214HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2025-71213HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.00

    An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2025-71212HigMay 21, 2026
    risk 0.51cvss 7.8epss 0.01

    A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit…

  • CVE-2025-71215HigMay 21, 2026
    risk 0.46cvss 7.0epss 0.00

    A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute…

  • CVE-2020-8599KEVMar 18, 2020
    risk 0.17cvss epss 0.12

    Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability.

  • CVE-2020-8467KEVMar 18, 2020
    risk 0.14cvss epss 0.11

    A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.

  • CVE-2020-8468KEVMar 18, 2020
    risk 0.14cvss epss 0.06

    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user…

  • CVE-2025-54948KEVAug 5, 2025
    risk 0.13cvss epss 0.20

    A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

Page 1 of 9